PT-2017-3120 · Spidercontrol · Spidercontrol Scada Web Server

Published

2017-09-07

Updated

2020-08-19

CVE-2017-12728

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions SpiderControl SCADA Web Server versions 2.02.0007 and prior

Description An issue with improper privilege management was found, allowing authenticated, non-administrative local users to modify service executables with elevated privileges. This could enable an attacker to execute arbitrary code in the context of the current system services.

Recommendations For SpiderControl SCADA Web Server versions 2.02.0007 and prior, consider restricting access to service executables to prevent modification with escalated privileges until a patch is available. As a temporary workaround, limit the privileges of non-administrative local users to minimize the risk of exploitation.

Fix

Improper Privilege Management

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264CWE-269

Related Identifiers

BDU:2017-02520

CVE-2017-12728

Affected Products

Spidercontrol Scada Web Server

PT-2017-3120 · Spidercontrol · Spidercontrol Scada Web Server

CVE-2017-12728

Weakness Enumeration

Related Identifiers

Affected Products

References · 5